Serial No. 10/825,827; Filed 4/16/2004 
Reply to Final Office Action 



Docket No. 50325-0874 



LISTING OF THE CLAIMS 

1. (Currently Amended) A method of dynamically mitigating a noncompliant password, the 

method comprising the machine-implemented steps of: 

obtaining a password from a user when the user attempts to access a service; 

determining whether the password meets quality criteria; and 

ii'tlie password meets lite ciualily criteria, urantinii to the user a first level of access to the 
serv ic e, wherein the graniing of the first le vel of access to llie serv ice is de pendant 
on the password exceediuj:); a qualitv criteria tlireshokl; 

if the password does not meet the quality criteria^ granting to the user a different level of 
access to the service than if the password meets the quality criteria; 

wherein the user is associated with a particular user role, and wherein determining 

whether the password meets quality criteria comprises determining whether the 
password meets quality criteria for the particular user rolej^r] 

wherei n th e me liiod is perfo mied b y one or more co niputing devices. 

2. (Currently Amended) The method of Claim 1, further comprising: 

W"4hei3af^SAvefdHBee4}s~(he~t 

i ^ ervicg, wlierein the first level of ac ce ss t o the . ^i ervi ce iiy a^iiy ociul ed wiili the 
i|Hx.i-l il.y ef-k-eri-rH 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 

3. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, performing one or more of: 

logging information related to the password; 

sending a report about the password; 
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generating an alert about the password; 
forcing a password change; or 
blocking the user's access to the service. 

4. (Original) The method of Claim 1, wherein the method further comprises, if the password 

does meet the quality criteria, providing user access to the service. 

5. (Original) The method of Claim 1 , wherein the step of determining whether the password 

meets quality criteria further comprises one or more of the steps of: 
performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 

6. (Original) The method of Claim 1, wherein the step of performing one or more responsive 

actions that relate to accessing the service comprises logging information related to the 
password. 

7. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, sending a report about the password. 

8. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, generating an alert about the password. 

9. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, forcing a password change. 
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10. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, blocking the user's access to the service. 

1 1 . (Original) The method of Claim 1 , wherein obtaining the password from the user comprises 

obtaining the password from the user via a graphical user interface. 

12. (Original) The method of Claim 1, wherein obtaining the password from the user comprises 

obtaining the password from the user via an electronic interface. 

13. (Original) The method of Claim 1, wherein the method further comprises the step of 

determining a quality score for the password, and wherein the step of determining 
whether the password meets quality criteria comprises comparing the quality score to a 
predefined threshold value. 

14. (Original) The method of Claim 1, further comprising the steps of: 

obtaining the password from a repository of passwords; 

making a first determination whether the password meets quality criteria; and 

storing in a particular machine-readable medium an indication of the first 

determination for the password; 
wherein the step of determining whether the password meets quality criteria comprises 

accessing the particular machine-readable medium. 

15. (Cancelled) 

16. (Original) The method of Claim 1, wherein determining whether the password meets quality 

criteria comprises determining whether the password meets quality criteria for the service. 

17. (Original) The method of Claim 1, wherein the step of obtaining the password comprises an 

access service obtaining the password from the user when the user attempts to access the 

service, and wherein the access service comprises machine executable instructions 

executing on a particular machine, and the service comprises machine executable 

instruction executing on the same particular machine. 
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18. (Original) The method of Claim 1, wherein the step of obtaining the password comprises an 

access service obtaining the password from the user when the user attempts to access the 
service, and wherein the access service comprises machine executable instructions 
executing on a first machine and the service comprises machine executable instructions 
executing on a second machine, wherein the first machine is distinct from the second 
machine. 

19. (Currently Amended) A method of dynamically mitigating a noncompliant password, the 

method comprising the machine-implemented steps of: 

obtaining a password from a user when the user attempts to access a service; 

determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level or acces.s to the 
service, wherein the granline of the firs! level of access to the service is dependant 
on the password exceeding a quality criteria tlireshokl: 

if the password does not meet the quality criteria, grantingjxu^^^^^^^^ a different level of 
access to the service than if the password meets the quality criteria; 

wherein the user is associated with a particular user role, and wherein determining 

whether the password meets quality criteria comprises determining whether the 
password meets quality criteria for the particular user role; 

wherein the step of determining whether the password meets quality criteria further 
comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the 
password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the 
password; 

checking the sequencing of characters in the one or more symbols used in the 
password; or 
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performing statistical analysis based on the one or more symbols used in the 
passwordiirj 

wherein the method is performed bv one or more computing devices. 

20. (Currently Amended) A aoi i transi lory machine-readable medium carrying one or more 

sequences of instructions for dynamically mitigating a noncompliant password, which 
instructions, when executed by one or more processors, cause the one or more processors 
to carry out the steps of: 

obtaining a password from a user when the user attempts to access a service; 
determining whether the password meets quality criteria; and 

if the password meets the quality criteria, <;rantiniy to iJie user a first level of access to th e 
service, whciein the granting of the first level of access to the s ervice is.'dene nd^int 
on the passw ord exceedine a quaHty cnicna ihrcsiiotd: 

if the password does not meet the quality criteria, grantingjg^^^^^^^ a different level of 
access jo Uie sendee than if the password meets the quality criteria; 

wherein the user is associated with a particular user role, and wherein determining 

whether the password meets quality criteria comprises determining whether the 
password meets quality criteria for the particular user role. 

21 . (Currently Amended) The non transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: 

if the paMi- iw - o r d m e ets th e quality crit.i:Mia; gi'aiitir)ff4e4l^ 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 
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22. (Currently Amended) The non-transiiorv machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
performing one or more of: 

logging information related to the password; 

sending a report about the password; 

generating an alert about the password; 

forcing a password change; or 

blocking the user's access to the service. 

23. (Currently Amended) The non-traiisitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the step of, if the password does meet the quality 
criteria, providing user access to the service. 

24. (Currently Amended) The nori-transilory machine-readable medium of Claim 20, 

wherein the step of determining whether the password meets quality criteria further 
comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 

25. (Currently Amended) The non-iransitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
logging information related to the password. 
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26. (Currently Amended) The iion "transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
sending a report about the password. 

27. (Currently Amended) The norH^^^^^^ medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
generating an alert about the password. 

28. (Currently Amended) The non-tra nsit ory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
forcing a password change. 

29. (Currently Amended) The non-tritnsiiorv machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
blocking the user's access to the service. 

30. (Currently Amended) The non-iransi lorv machine-readable medium of Claim 20, 

wherein obtaining the password from the user comprises obtaining the password from the 
user via a graphical user interface. 

3 1 . (Currently Amended) The aon - transi i orv machine-readable medium of Claim 20, 

wherein obtaining the password from the user comprises obtaining the password from the 
user via an electronic interface. 

32. (Currently Amended) The non iransitorv machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the step of determining a quality score for the 
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password, and wherein the step of determining whether the password meets quality 
criteria comprises comparing the quality score to a predefined threshold value. 

33. (Currently Amended) The non-iransitorv machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the steps of: 

obtaining the password from a repository of passwords; 

making a first determination whether the password meets quality criteria; and 

storing in a particular machine-readable medium an indication of the first 
determination for the password; 
and wherein the step of determining whether the password meets quality criteria 

comprises accessing the particular machine-readable medium. 

34. (Cancelled) 

35. (Currently Amended) The non-traiisitorv machine-readable medium of Claim 20, 

wherein determining whether the password meets quality criteria comprises determining 
whether the password meets quality criteria for the service. 

36. (Currently Amended) An apparatus for dynamically mitigating a noncompliant password, 

comprising: 

one or more pi ocessors: 

means for obtaining a password from a user when the user attempts to access a service; 
means for determining whether the password meets quality criteria; and 

mecms \\n granting j first level of access to tlie service if the password meets the quality • 
criicria. wherein the first, level of access lo ihe service is associated wiih the 
ciualitv criteria; 

means for granting a different level of access, if the password does not meet the quality 

criteria, than if the password meets the quality criteria; 
wherein the user is associated with a particular user role, and wherein said means for 

determining whether the password meets quality criteria comprises means for 
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determining whether the password meets quality criteria for the particular user 
role. 

37. (Currently Amended) The apparatus of Claim 36, further comprising: 

m e mis for granling l:o the us e r a fivM lex'el ol' access to the service> if (he p ass w ord nieecs 
tli e qutiHty c riteria, wherein the rirj . it level of acce^is to th e i ^ ervice if» asjiociiued 

means for granting to the user a second level of access to the service, if the password 

meets a second quality criteria, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria.. 

38. (Previously presented) The apparatus of Claim 36, further comprising means for performing, 

if the password does not meet the quality criteria, one or more of: 
means for logging information related to the password; 
means for sending a report about the password; 
means for generating an alert about the password; 
means for forcing a password change; or 
means for blocking the user's access to the service. 

39. (Original) The apparatus of Claim 36, wherein the apparatus further comprises means for 

providing user access to the service if the password does meet the quality criteria. 

40. (Original) The apparatus of Claim 36, wherein the means for determining whether the 

password meets quality criteria further comprises one or more of: 
means for performing a dictionary look-up based on the one or more symbols used in the 
password; 

means for checking the length of the one or more symbols used in the password; 
means for checking the number of unique characters of the one or more symbols used in 
the password; 
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means for checking the case of the characters in the one or more symbols used in the 
password; 

means for checking the sequencing of characters in the one or more symbols used in the 

password; or 

means for performing statistical analysis based on the one or more symbols used in the 
password. 

41. (Previously presented) The apparatus of Claim 36, further comprising means for logging 

information related to the password, if the password does not meet the quality criteria. 

42. (Previously presented) The apparatus of Claim 36, further comprising means for sending a 

report about the password, if the password does not meet the quality criteria. 

43. (Previously presented) The apparatus of Claim 36, further comprising means for generating 

an alert about the password, if the password does not meet the quality criteria. 

44. (Previously presented) The apparatus of Claim 36, further comprising means for forcing a 

password change, if the password does not meet the quality criteria. 

45. (Previously presented) The apparatus of Claim 36, further comprising means for blocking the 

user's access to the service, if the password does not meet the quality criteria. 

46. (Original) The apparatus of Claim 36, wherein the means for obtaining the password from 

the user comprises means for obtaining the password from the user via a graphical user 
interface. 

47. (Original) The apparatus of Claim 36, wherein the means for obtaining the password from 

the user comprises means for obtaining the password from the user via an electronic 
interface. 

48. (Original) The apparatus of Claim 36, wherein the apparatus further comprises means for 

determining a quality score for the password, and wherein the means for determining 
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whether the password meets quality criteria comprises means for comparing the quality 
score to a predefined threshold value. 

49. (Original) The apparatus of Claim 36, further comprising: 

means for obtaining the password from a repository of passwords; 
means for making a first determination whether the password meets quality 
criteria; and 

means for storing in a particular machine-readable medium an indication of the 
first determination for the password; 
and wherein the means for determining whether the password meets quality criteria 
comprises means for accessing the particular machine-readable medium. 

50. (Cancelled) ^ 

51. (Original) The apparatus of Claim 36, wherein means for determining whether the password 

meets quality criteria comprises means for determining whether the password meets 
quality criteria for the service. 

52. (Original) The apparatus of Claim 36, wherein the means for obtaining the password 

comprises means for an access service to obtain the password from the user when the user 
attempts to access the service, and wherein the access service comprises means for 
executing on a particular machine, and wherein the service comprises means for 
executing on the same particular machine. 

53. (Original) The apparatus of Claim 36, wherein the means for obtaining the password 

comprises means for an access service to obtain the password from the user when the user 
attempts to access the service, and wherein the access service comprises means for 

executing on a first machine and the service comprises means for executing on a second 
machine, wherein the first machine is distinct from the second machine. 

54. (Currently Amended) An apparatus for dynamically mitigating a noncompliant password, 

comprising: 
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a network interface that is coupled to the data network for receiving one or more packet 

flows therefrom; 
a processor; 

one or more stored sequences of instructions which, when executed by the processor, 
^ cause the processor to carry out the steps of: 

obtaining a password from a user when the user attempts to access a service; 
determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level oF 

access to the service, wherein the granria!^ of the first level of access to the 
service i s de pe ndaiM o n the p a sswt)r J e xceeding a c|ualitv criteria 

th rcs huld: 

if the password does not meet the quality criteria, grantinglcu^^^^^^^^ a different 
level of access to the sej^ ice than if the password meets the quality 
criteria; 

wherein the user is associated with a particular user role, and wherein determining 
whether the password meets quality criteria comprises determining 
whether the password meets quality criteria for the particular user role. 

55. (Currently Amended) The apparatus of Claim 54, wherein the apparatus further comprises 
one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: 

if the pcis^ i vvord m ee t s the quali ty crit e riu, granting to th e me r a first l e vel of ucc es.s to the 
ser v i .ce> vv[) e r ek i th e firs t ; lev el, of access co the ser v i c e i s as soct iH€ift-wif)^#^ 
quality criteria; 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 
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56. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
performing one or more of: 

logging information related to the password; 

sending a report about the password; 

generating an alert about the password; 

forcing a password change; or 

blocking the user's access to the service. 

57. (Original) The apparatus of Claim 54, wherein the apparatus further comprises one or more 

stored sequences of instructions which, when executed by the processor, cause the 
processor to carry out the step of, if the password does meet the quality criteria, providing 
user access to the service. 

58. (Original) The apparatus of Claim 54, wherein the step of determining whether the password 

meets quality criteria comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 

59. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
logging information related to the password. 
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60. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
sending a report about the password. 

61. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
generating an alert about the password. 

, 62. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 
one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, forcing 
a password change. 

63. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
blocking the user's access to the service. 

64. (Original) The apparatus of Claim 54, wherein obtaining the password from the user 

comprises obtaining the password from the user via a graphical user interface. 

65. (Original) The apparatus of Claim 54, wherein obtaining the password from the user 

comprises obtaining the password from the user via an electronic interface. 

66. (Original) The apparatus of Claim 54, wherein the apparatus further comprises one or more 

stored sequences of instructions which, when executed by the processor, cause the 
processor to carry out the step of determining a quality score for the password, and 
wherein the step of determining whether the password meets quality criteria comprises 
comparing the quality score to a predefined threshold value. 
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67. (Original) The apparatus of Claim 54, further comprising one or more stored sequences of 

instructions which, when executed by the processor, cause the processor to carry out the 
steps of: 

obtaining the password from a repository of passwords; 
making a first determination whether the password meets quality criteria; and 
storing in a particular machine-readable medium an indication of the first 
determination for the password; 
and wherein the step of determining whether the password meets quality criteria 
comprises accessing the particular machine-readable medium. 

68. (Cancelled) 

69. (Original) The apparatus of Claim 54, wherein determining whether the password meets 

quality criteria comprises determining whether the password meets quality criteria for the 
service. 

70. (Original) The apparatus of Claim 54, wherein the step of obtaining the password comprises 

an access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on the apparatus, and the service comprises machine executable instruction 
executing on the same apparatus. 

71. (Original) The apparatus of Claim 54, wherein the step of obtaining the password comprises 

an access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on a first machine and the service comprises machine executable instructions 
executing on a second machine, wherein the first machine is distinct from the second 
machine. 
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